Article Article

Austria’s Financial Market Authority and Austrian National Bank issue audit priorities for 2023

The FMA and OeNB traditionally published1 their focal points for supervisory activities for the new year at the end of December. The focal points reflect the broad supervisory spectrum of the authorities. They cover both the traditional banking and insurance sectors as well as new market segments such as crowdfunding and crypto. The authorities publish the strategy paper for reasons of transparency and to create predictability for the supervised entities as well as market participants.

networkdiagram final 1

Resilience and Stability

  • Rapid vulnerability identification: monitoring of geopolitical and economic developments and their impact; ongoing discourse with supervised entities; vulnerability testing and stress testing.
  • Improving capital adequacy and addressing of risks: ensuring an adequate capital structure of banks; focus on practical implementation of internal modules at insurance companies.
  • Sustainable lending: Review of the current sustainable lending standards to minimise credit risks, especially in relation to private residential real estate financings.
  • Establishment of the recovery and resolution structure for central counterparties2.
  • Improving the resolvability of Austrian banks: Implementation of European requirements on resolvability and identification of resolution obstacles.
  • Cross-border resolutions: Cross-border exercise on cross-border resolutions of banks, as lessons learned from the Sberbank resolution.

Digital transformation

  • Stability of digital systems: evaluation of information and communication technology (ICT) risk management at supervised entities; On-site ICT audits- focus on security, out-sourcing and third-party providers; further development of the FMA cyber dashboard and the concept for determining the degree of digital maturity; in each case in particular in preparation for DORA3 .
  • Resilience to cyber risks: Focus on auditing and detection of cyber risks; market survey of risk mitigation measures based on concrete incident scenarios; development of an EU framework for cyber stress testing.

New business models

  • Regulatory sandbox and new licensing: Six crowdfunding service providers are currently being mentored on the way to becoming concession-ready4; increase the attractiveness of the sandbox and process the data collected and the impressions gained so far.
  • Implementation IFR5 /IFD6: Implementation of the new European regulation for investment firms, in particular new capital and liquidity requirements, information, diligence and verification obligations; development of supervisory practice and establishment of necessary processes and expertise.
  • Preparing for the implementation of the European crypto regulations: Developing expertise and processes for the crypto regulations that will soon come into force (MiCA and DLT pilot regime); monitoring new technical and economic developments and potential adaptions of the regulations to enable innovation.

Collective consumer protection

  • Expansion of risk-oriented market monitoring: monitoring of market trends and potential impact of inflation; continuation and deepening of monitoring, in particular under MiFIR.
  • European “common supervisory actions”: cooperation of European supervisory authorities to promote the clear and comprehensible marketing of financial products, especially opportunities and risks, rights and obligations – focus on green products as well as advertising.
  • Information and marketing messages on websites: Focus on presentation of balanced information and marketing messages and appropriate sanctioning of violations.
  • Transparency of premium increases in the insurance sector
  • Consumer information – inflation, pensions schemes, sustainability and crypto-assets: The FMA will present current information on its website in a comprehensible manner and further promote existing formats – such as the ABC of Finance or “Reden wir über Geld” (Let’s talk about money).


  • Integration of sustainability risks into risk management, strategy and governance: The FMA will continuously review and assess the integration of sustainability risks, especially in the context of its supervisory processes.
  • Sustainability in disclosure and non-financial reporting: The FMA will evaluate the first-time disclosures made in accordance with the new EU sustainability regulations (Taxonomy Regulation and SFDR) and clarify open points and points of legal uncertainty.
  • Greenwashing: Compliance with the disclosure and information obligations in the area of sustainability is to be reviewed and violations punished; the FMA is focusing on combating and preventing greenwashing, especially in the area of consumer protection.

Clean financial centre

  • Monitoring and analysis of trends, business practices and whistleblowing reports: Market developments are to be continuously reviewed and new trends and business models are to be identified at an early stage; review of the market for market abuse; focus on investment fraud in whistleblowing reports.
  • Establishment of a national competence and information hub for the prevention of money laundering and terrorist financing: focus on cross-border cooperation; establishment of a national competence and information hub; establishment and development of the European Money Laundering Authority (AMLA).
  • More transparency on the supervisory competences of the FMA: Information campaign on the scope of supervision and competences of the FMA as well as on the different levels of protection of the various supervised business areas and companies (e.g. crowdfunding, crypto, etc.).
  • Preparation of the change from VASP to CASP supervision: Analysis of the experiences of the supervision of “Virtual Asset Service Providers”7 currently regulated under national law (FM-GwG) as preparations enfold for the establishment of “Crypto Asset Service Providers” (CASP) in accordance with the provisions of the MiCA. The regulation will provide for a licensing system with the possibility of passporting within the EU.

1 For details:
2 Central Counterparties act as financial market infrastructures between the original counterparties to a financial market transaction, replacing the original transaction between these two counterparties with two transactions between the CCP and the respective counterparties.
3 Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience in the financial sector –
4 One securities service provider has already been granted a licence under the Regulatory Sandbox.
5 IFR: Investment Firms Regulation – Regulation (EU) 2019/2033
6 IFD: Investment Firms Directive – Guideline (EU) 2019/2034.
7 In November, 24 VAPS were registered with the FMA.